Last Thursday, in a vote split along party lines, the Federal Communications Commission (“FCC”) approved a new regulatory regime staking its claim to privacy regulation of both fixed and mobile Internet service providers (“ISPs”) like Comcast, Verizon, and AT&T.  The FCC’s rules follow its decision in the Open Internet Order, released last year and analyzed here, to classify broadband Internet access service as a common-carrier telecommunications service.  The FCC’s new rules are intended to give consumers control over the ways in which ISPs use and share their customers’ private information.  While the FCC has yet to release its Report and Order, the FCC’s Fact Sheet and statements by the commissioners indicate that the new privacy rules in many respects track the proposed rules the FCC put forward earlier this year, which seek to make the FCC the “toughest” privacy regulator in the Internet ecosystem by imposing on ISPs significantly more onerous and restrictive requirements for use and collection of consumer data than the Federal Trade Commission (“FTC”) imposes on its non-ISP competitors.
Continue Reading FCC Issues New Privacy Rules for Internet Service Providers: Safeguarding Consumers or Lulling Them Into A False Sense of Privacy?

The Federal Communications Commission (“FCC”) asserted broad regulatory authority over the Internet and broadband Internet service providers when it reclassified Internet access service as a “common carrier” service under Title II of the Communications Act of 1934 in its 2015 Net Neutrality Order (discussed in detail here).  One of the many important questions left unanswered by the FCC’s reclassification decision was whether and to what extent the Federal Trade Commission (“FTC”) retained authority under Section 5 of the FTC Act to prohibit deceptive or unfair acts and practices by Internet service providers, in light of Section 5’s exemption of “common carriers” subject to the Communications Act.
Continue Reading Ninth Circuit Removes FTC From The Beat: Agency Lacks Authority To Police Common Carriers Engaged In Non-Common Carrier Activities

The FCC recently slid up its chair to the fiscal feast that is cyber security and data breach regulation and took a hefty piece of the pie.  In late October the FCC announced that it charged a record $10 million fine against two telecommunication companies after the telecoms reportedly posted the private information of nearly 300,000 people in a manner making the people eligible for identity theft. Taking a cue from the Federal Trade Commission (“FTC”), the FCC action was not based on any new set of concrete regulations or laws established to give organizations a minimum bar for data protection, but rather on existing FCC powers established under the Communications Act of 1934. The action serves as good warning not only to communications providers that the FCC will be examining data breaches and, more expressly, data storage issues, but also that in the absence of clear cybersecurity regulations, federal agencies will take an expansive view of their existing authority to address cybersecurity-related incidents involving companies subject to their jurisdiction.
Continue Reading The FCC Takes a Seat at the Cyber-Regulation Table